cbVegas Security & Risk Analysis

wordpress.org/plugins/cb-vegas

Requires at least: 3.9
Tested up to: 4.7.2
Stable tag: 0.3.6
Version: 0.3.6
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.

20 active installs · v0.3.6 · PHP + · WP + · Updated Mar 22, 2017
background, fullscreen, image, slides, slideshow
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is cbVegas Safe to Use in 2026?

Generally Safe

Score 85/100

cbVegas has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

The "cb-vegas" plugin v0.3.6 has a generally good security posture, with no known vulnerabilities or CVEs recorded in its history. Static analysis found no dangerous functions, no raw SQL queries that could pose SQL injection risks, no file operations, and no external HTTP requests. The plugin also implements nonce checks and capability checks, which are positive indicators of security awareness. The significant concern is output escaping: only 2 of 24 outputs (8%) are properly escaped. This low rate suggests a high potential for cross-site scripting (XSS) vulnerabilities, which would allow attackers to inject malicious scripts into web pages viewed by other users. While the attack surface is relatively small and all entry points have some form of protection, the unescaped output is a critical weakness that needs immediate attention.

Key Concerns

  • Low rate of output escaping
Vulnerabilities
None known

cbVegas Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

cbVegas Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 22 (2 escaped)
Nonce Checks: 9
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

8% escaped · 24 total outputs
Attack Surface

cbVegas Attack Surface

Entry Points: 7
Unprotected: 0

AJAX Handlers 7

auth · wp_ajax_add_slide · admin\menu\class-cb-vegas-settings-page.php:140
auth · wp_ajax_duplicate_slide · admin\menu\class-cb-vegas-settings-page.php:141
auth · wp_ajax_sort_slides · admin\menu\class-cb-vegas-settings-page.php:142
auth · wp_ajax_remove_slide · admin\menu\class-cb-vegas-settings-page.php:143
auth · wp_ajax_add_slideshow · admin\menu\class-cb-vegas-settings-page.php:145
auth · wp_ajax_duplicate_slideshow · admin\menu\class-cb-vegas-settings-page.php:146
auth · wp_ajax_remove_slideshow · admin\menu\class-cb-vegas-settings-page.php:148
WordPress Hooks 23
action · admin_enqueue_scripts · admin\class-cb-vegas-admin.php:98
action · admin_enqueue_scripts · admin\class-cb-vegas-admin.php:99
action · plugin_row_meta · admin\class-cb-vegas-admin.php:100
action · in_admin_header · admin\includes\class-cb-vegas-help-tab.php:58
action · load-post.php · admin\includes\class-cb-vegas-meta-box.php:49
action · load-post-new.php · admin\includes\class-cb-vegas-meta-box.php:50
action · add_meta_boxes · admin\includes\class-cb-vegas-meta-box.php:76
action · save_post · admin\includes\class-cb-vegas-meta-box.php:78
action · after_setup_theme · admin\includes\class-cb-vegas-wp-support.php:58
action · after_setup_theme · admin\includes\class-cb-vegas-wp-support.php:59
action · admin_enqueue_scripts · admin\menu\class-cb-vegas-settings-page.php:123
action · admin_enqueue_scripts · admin\menu\class-cb-vegas-settings-page.php:124
action · admin_menu · admin\menu\class-cb-vegas-settings-page.php:126
action · admin_enqueue_scripts · admin\menu\class-cb-vegas-settings-page.php:127
action · admin_notices · admin\menu\class-cb-vegas-settings-page.php:128
action · admin_enqueue_scripts · admin\menu\includes\class-cb-vegas-localisations.php:65
action · admin_enqueue_scripts · admin\menu\includes\class-cb-vegas-localisations.php:66
action · admin_init · admin\menu\includes\class-cb-vegas-settings.php:96
action · admin_init · admin\menu\includes\class-cb-vegas-settings.php:97
action · plugins_loaded · includes\class-cb-vegas.php:76
action · wp_enqueue_scripts · public\class-cb-vegas-public.php:85
action · wp_enqueue_scripts · public\class-cb-vegas-public.php:86
action · wp_enqueue_scripts · public\class-cb-vegas-public.php:87
Maintenance & Trust

cbVegas Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updated: Mar 22, 2017
PHP min version
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 20
Developer Profile

cbVegas Developer Profile

Demis Patti

3 plugins · 150 total installs

Trust score: 91
Avg Security Score: 95/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect cbVegas

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cb-vegas/admin/css/admin.css
/wp-content/plugins/cb-vegas/vendor/fancy-select/fancySelect.js
/wp-content/plugins/cb-vegas/admin/js/meta-box.js
Script Paths
/wp-content/plugins/cb-vegas/vendor/fancy-select/fancySelect.js
/wp-content/plugins/cb-vegas/admin/js/meta-box.js
Version Parameters
cb-vegas/admin/css/admin.css?ver=
cb-vegas/vendor/fancy-select/fancySelect.js?ver=
cb-vegas/admin/js/meta-box.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-cb-vegas-settings
JS Globals
CBVegas
cbVegasSettings
FAQ

Frequently Asked Questions about cbVegas